In many facilities, the so-called 2G or 3G regulations are now in force (entry only for vaccinated and recovered or tested persons). Before one can enter here, a check of the certificate about vaccination, recovery or testing for Covid-19 takes place at an access control. But how does the testing of digital certificates work? Does this testing comply with data protection? You can find out here.
Digital verification of certificates
The easiest way to complete the test is to have the certificate in digital form. For both tests and vaccinations, this is possible via the corresponding apps such as the Corona warning app or the CovPass app. Organizers can scan a QR code in these apps (for example, with the CovPassCheck app) and then match the data displayed to them with a valid identification document of the guest. This is the easiest way to check the authenticity of the certificate and that the guest is also the person who has been vaccinated or tested.
The certificates stored by the guest in the app are saved offline by this app. When the organizer scans the QR code, the personal data is also read offline. The organizer must then compare this with an identification document. Simply showing the QR code without reading it out does not constitute sufficient verification. The fact that the guest can show a QR code on a cell phone says nothing about whether it meets the 2G or 3G regulations. After all, it may also be a third-party certificate.
Privacy concerns about digital verification of certificates
In some cases, concerns are expressed about data privacy in the digital verification of certificates. Above all, they question how secure the data and the verification process are. After all, this is personal data of a special category (health data), whose Processing often problematic is.
First of all, it can be said that the CovPassCheck app for verification does not save the certificates read out and the associated personal data. As soon as the app is closed, the read data is deleted from the working memory.
For the check by scanning the QR code, the devices of the guest and the organizer do not even have to be online. This again shows that there is no online check either. The check can even be performed in flight mode. One thing to keep in mind for users of the Corona Warning app, however, is that if Bluetooth, WLAN and location detection are turned off, the contact tracking function will also stop working. The CovPass app does not offer such contact tracking anyway and is only used to store certificates.
It should be noted that the same procedure can be used to check a QR code on paper. Pharmacies, for example, issue such a code.
Conclusion on the digital certificate
The digital vaccination certificate is a secure and fast solution to verify compliance with 2G or 3G regulations in a privacy-compliant manner.
Despite the offline check, the digital certificate is more secure in that there are now repeated cases of forged paper vaccination certificates being circulated. Regarding the time required, there is official information from the Robert Koch Institute that such a complete check takes only 20 seconds. If guests are advised to have the digital certificate and an identification document ready, this can also be implemented well.
English 
Deutsch 
Español 
Français 
Polski